Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
[ 96.426787] audit: type=1400 audit(1544592497.806:36): avc: denied { map } for pid=6175 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/12/12 05:28:18 parsed 1 programs
[ 97.103612] audit: type=1400 audit(1544592498.486:37): avc: denied { map } for pid=6175 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=77 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2018/12/12 05:28:20 executed programs: 0
[ 98.963855] IPVS: ftp: loaded support on port[0] = 21
[ 99.000702] IPVS: ftp: loaded support on port[0] = 21
[ 99.014666] IPVS: ftp: loaded support on port[0] = 21
[ 99.053898] IPVS: ftp: loaded support on port[0] = 21
[ 99.087795] IPVS: ftp: loaded support on port[0] = 21
[ 99.112503] IPVS: ftp: loaded support on port[0] = 21
[ 99.818538] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.826262] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.833821] device bridge_slave_0 entered promiscuous mode
[ 99.864164] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.876664] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.884046] device bridge_slave_0 entered promiscuous mode
[ 99.892575] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.900003] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.906900] device bridge_slave_1 entered promiscuous mode
[ 99.936859] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 99.948138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.956888] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.967817] device bridge_slave_1 entered promiscuous mode
[ 99.981734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.988174] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.996416] device bridge_slave_0 entered promiscuous mode
[ 100.004501] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.012103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.019170] device bridge_slave_0 entered promiscuous mode
[ 100.028067] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.035274] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.042420] device bridge_slave_0 entered promiscuous mode
[ 100.050188] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.060012] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.066460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.075321] device bridge_slave_1 entered promiscuous mode
[ 100.082473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.099024] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.105394] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.114025] device bridge_slave_1 entered promiscuous mode
[ 100.121839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.128197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.138294] device bridge_slave_0 entered promiscuous mode
[ 100.147599] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.162019] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.168391] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.176644] device bridge_slave_1 entered promiscuous mode
[ 100.201330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.225208] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.244105] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.258828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.266133] device bridge_slave_1 entered promiscuous mode
[ 100.286087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.297044] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.313076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.327471] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.362841] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.387429] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.400853] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.421190] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.449170] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.542087] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.564738] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.593204] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.610597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 100.619112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 100.636915] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.662777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 100.676110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 100.689302] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.698184] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.721528] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.741789] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.768267] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.785247] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 100.795584] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 100.806432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 100.828724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 100.839012] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 100.854001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 100.866398] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 100.885397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 100.900323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 100.912020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 100.934585] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 100.947698] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 100.955725] team0: Port device team_slave_0 added
[ 100.971111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 100.986587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 101.018066] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.026557] team0: Port device team_slave_1 added
[ 101.033571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 101.073770] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.089127] team0: Port device team_slave_0 added
[ 101.130018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.169073] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.176500] team0: Port device team_slave_1 added
[ 101.213141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.231444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.241714] team0: Port device team_slave_0 added
[ 101.253439] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 101.267407] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.277620] team0: Port device team_slave_0 added
[ 101.289087] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.296639] team0: Port device team_slave_0 added
[ 101.307400] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.323421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.331804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.347620] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.355419] team0: Port device team_slave_1 added
[ 101.363798] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.375054] team0: Port device team_slave_1 added
[ 101.385866] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 101.394939] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.409278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.417365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.429690] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.436948] team0: Port device team_slave_1 added
[ 101.446552] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.459745] team0: Port device team_slave_0 added
[ 101.470467] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 101.490724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.509131] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.520796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.534621] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 101.551730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.576386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.584806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.592816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.601140] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 101.611078] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 101.620304] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.627712] team0: Port device team_slave_1 added
[ 101.647586] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 101.661813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.675339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.689807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.700759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.708266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.716115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.727770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 101.738620] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 101.750198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.763299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.779332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.788599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.797156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 101.804702] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 101.817428] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 101.833893] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 101.845497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 101.862575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.878159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.886548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.894565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.902606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.910452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.918141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.932175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 101.942846] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 101.965575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.978790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.989211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.001681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.021204] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 102.045375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.053948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.125178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 102.141469] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.151054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.520820] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.527322] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.534294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.540699] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.565106] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 102.583978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 102.595684] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.602099] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.608835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.615200] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.632383] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 102.705274] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.711678] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.718324] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.724748] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.732888] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 102.814215] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.820684] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.827338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.833761] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.842046] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 102.917280] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.923696] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.930412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.936783] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.946709] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 102.983706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.990115] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.996754] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.003195] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.018176] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 103.599220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.608009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.624012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.633049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.640708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 105.458194] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.515940] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.715132] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 105.789512] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.803218] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.813691] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 105.833288] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.849641] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.986964] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.000604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.016946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.034708] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.084334] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.107223] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.118146] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.127025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.136727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.154286] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.294206] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.354470] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.370303] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.376721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.386042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.400526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.408491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.425544] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.434925] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.455066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.464430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.480575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.495512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.505016] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.647387] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.687398] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.711542] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.746713] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.868968] audit: type=1400 audit(1544592509.246:38): avc: denied { associate } for pid=6204 comm="syz-executor5" name="syz5" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2018/12/12 05:28:29 executed programs: 6
2018/12/12 05:28:34 executed programs: 269
2018/12/12 05:28:39 executed programs: 545
[ 121.438128] ==================================================================
[ 121.445683] BUG: KASAN: use-after-free in tipc_group_cong+0x566/0x5d0
[ 121.452294] Read of size 8 at addr ffff8881c59f5000 by task syz-executor4/10565
[ 121.459747]
[ 121.461400] CPU: 1 PID: 10565 Comm: syz-executor4 Not tainted 4.20.0-rc6+ #151
[ 121.468769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.478138] Call Trace:
[ 121.480746] dump_stack+0x244/0x39d
[ 121.484400] ? dump_stack_print_info.cold.1+0x20/0x20
[ 121.489612] ? printk+0xa7/0xcf
[ 121.492912] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 121.498044] print_address_description.cold.7+0x9/0x1ff
[ 121.503431] kasan_report.cold.8+0x242/0x309
[ 121.507860] ? tipc_group_cong+0x566/0x5d0
[ 121.512120] __asan_report_load8_noabort+0x14/0x20
[ 121.517066] tipc_group_cong+0x566/0x5d0
[ 121.521154] ? tipc_group_update_bc_members+0x1f0/0x1f0
[ 121.526537] ? remove_wait_queue+0x1a6/0x360
[ 121.530973] ? add_wait_queue+0x2b0/0x2b0
[ 121.535156] ? __local_bh_enable_ip+0x160/0x260
[ 121.539846] ? tipc_dest_find+0xea/0x130
[ 121.543936] tipc_send_group_anycast+0x9bb/0xc80
[ 121.548729] ? tipc_send_group_bcast+0xd90/0xd90
[ 121.553517] ? __lock_acquire+0x62f/0x4c20
[ 121.557780] ? __lock_acquire+0x62f/0x4c20
[ 121.562032] ? do_raw_spin_trylock+0x270/0x270
[ 121.566654] ? mark_held_locks+0x130/0x130
[ 121.570912] ? refill_pi_state_cache.part.8+0x310/0x310
[ 121.576302] ? __init_waitqueue_head+0x150/0x150
[ 121.581083] ? mark_held_locks+0x130/0x130
[ 121.581110] ? avc_has_perm+0x469/0x7e0
[ 121.581132] ? check_preemption_disabled+0x48/0x280
[ 121.581156] __tipc_sendmsg+0x12b1/0x1d40
[ 121.589487] ? rcu_softirq_qs+0x20/0x20
[ 121.589514] ? tipc_sendmcast+0xf50/0xf50
[ 121.589534] ? zap_class+0x640/0x640
[ 121.589552] ? print_usage_bug+0xc0/0xc0
[ 121.614557] ? __might_fault+0x12b/0x1e0
[ 121.618612] ? find_held_lock+0x36/0x1c0
[ 121.622676] ? mark_held_locks+0xc7/0x130
[ 121.626817] ? __local_bh_enable_ip+0x160/0x260
[ 121.631478] ? __local_bh_enable_ip+0x160/0x260
[ 121.636141] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 121.640718] ? trace_hardirqs_on+0xbd/0x310
[ 121.645028] ? lock_release+0xa00/0xa00
[ 121.648999] ? lock_sock_nested+0xe2/0x120
[ 121.653225] ? trace_hardirqs_off_caller+0x310/0x310
[ 121.658344] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 121.663877] ? check_preemption_disabled+0x48/0x280
[ 121.668884] ? lock_sock_nested+0x9a/0x120
[ 121.673110] ? lock_sock_nested+0x9a/0x120
[ 121.677337] ? __local_bh_enable_ip+0x160/0x260
[ 121.682003] tipc_sendmsg+0x50/0x70
[ 121.685623] ? __tipc_sendmsg+0x1d40/0x1d40
[ 121.689940] sock_sendmsg+0xd5/0x120
[ 121.693648] ___sys_sendmsg+0x7fd/0x930
[ 121.697613] ? find_held_lock+0x36/0x1c0
[ 121.701669] ? copy_msghdr_from_user+0x580/0x580
[ 121.706419] ? __fd_install+0x2b5/0x8f0
[ 121.710391] ? __fget_light+0x2e9/0x430
[ 121.714356] ? fget_raw+0x20/0x20
[ 121.717805] ? lock_downgrade+0x900/0x900
[ 121.721945] ? lock_release+0xa00/0xa00
[ 121.725910] ? perf_trace_sched_process_exec+0x860/0x860
[ 121.731350] ? posix_ktime_get_ts+0x15/0x20
[ 121.735664] ? trace_hardirqs_off_caller+0x310/0x310
[ 121.740766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 121.746295] ? sockfd_lookup_light+0xc5/0x160
[ 121.750787] __sys_sendmsg+0x11d/0x280
[ 121.754666] ? __ia32_sys_shutdown+0x80/0x80
[ 121.759110] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 121.764642] ? put_timespec64+0x10f/0x1b0
[ 121.768789] ? do_syscall_64+0x9a/0x820
[ 121.772753] ? do_syscall_64+0x9a/0x820
[ 121.776724] ? trace_hardirqs_off_caller+0x310/0x310
[ 121.781822] __x64_sys_sendmsg+0x78/0xb0
[ 121.785875] do_syscall_64+0x1b9/0x820
[ 121.789752] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 121.795108] ? syscall_return_slowpath+0x5e0/0x5e0
[ 121.800030] ? trace_hardirqs_on_caller+0x310/0x310
[ 121.805037] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 121.810044] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 121.816743] ? __switch_to_asm+0x40/0x70
[ 121.820798] ? __switch_to_asm+0x34/0x70
[ 121.824851] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 121.829690] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 121.834870] RIP: 0033:0x457679
[ 121.838053] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 121.856947] RSP: 002b:00007f813d748c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 121.864686] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457679
[ 121.871952] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000005
[ 121.879212] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 121.886492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f813d7496d4
[ 121.893756] R13: 00000000004c44dd R14: 00000000004d74c8 R15: 00000000ffffffff
[ 121.901061]
[ 121.902679] Allocated by task 10551:
[ 121.906384] save_stack+0x43/0xd0
[ 121.909830] kasan_kmalloc+0xc7/0xe0
[ 121.913573] kmem_cache_alloc_trace+0x152/0x750
[ 121.918255] tipc_group_create+0x152/0xa70
[ 121.922522] tipc_setsockopt+0x2d1/0xd70
[ 121.926577] __sys_setsockopt+0x1ba/0x3c0
[ 121.930715] __x64_sys_setsockopt+0xbe/0x150
[ 121.935112] do_syscall_64+0x1b9/0x820
[ 121.938991] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 121.944173]
[ 121.945787] Freed by task 10567:
[ 121.949183] save_stack+0x43/0xd0
[ 121.952673] __kasan_slab_free+0x102/0x150
[ 121.956898] kasan_slab_free+0xe/0x10
[ 121.960688] kfree+0xcf/0x230
[ 121.963791] tipc_group_delete+0x2e4/0x3f0
[ 121.968016] tipc_sk_leave+0x113/0x220
[ 121.971895] tipc_setsockopt+0x97d/0xd70
[ 121.975947] __sys_setsockopt+0x1ba/0x3c0
[ 121.980084] __x64_sys_setsockopt+0xbe/0x150
[ 121.984485] do_syscall_64+0x1b9/0x820
[ 121.988361] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 121.993536]
[ 121.995156] The buggy address belongs to the object at ffff8881c59f5000
[ 121.995156] which belongs to the cache kmalloc-192 of size 192
[ 122.007802] The buggy address is located 0 bytes inside of
[ 122.007802] 192-byte region [ffff8881c59f5000, ffff8881c59f50c0)
[ 122.019493] The buggy address belongs to the page:
[ 122.024415] page:ffffea0007167d40 count:1 mapcount:0 mapping:ffff8881da800040 index:0x0
[ 122.032544] flags: 0x2fffc0000000200(slab)
[ 122.036813] raw: 02fffc0000000200 ffffea0007160488 ffffea00071aff08 ffff8881da800040
[ 122.044688] raw: 0000000000000000 ffff8881c59f5000 0000000100000010 0000000000000000
[ 122.052594] page dumped because: kasan: bad access detected
[ 122.058295]
[ 122.059955] Memory state around the buggy address:
[ 122.064879]  ffff8881c59f4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 122.072225]  ffff8881c59f4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 122.079594] >ffff8881c59f5000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 122.086938]                    ^
[ 122.090333]  ffff8881c59f5080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 122.097683]  ffff8881c59f5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 122.105027] ==================================================================
[ 122.112374] Disabling lock debugging due to kernel taint
[ 122.133144] Kernel panic - not syncing: panic_on_warn set ...
[ 122.139079] CPU: 1 PID: 10565 Comm: syz-executor4 Tainted: G B 4.20.0-rc6+ #151
[ 122.147838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.157203] Call Trace:
[ 122.159830] dump_stack+0x244/0x39d
[ 122.163487] ? dump_stack_print_info.cold.1+0x20/0x20
[ 122.168737] panic+0x2ad/0x55c
[ 122.171943] ? add_taint.cold.5+0x16/0x16
[ 122.176099] ? preempt_schedule+0x4d/0x60
[ 122.180257] ? ___preempt_schedule+0x16/0x18
[ 122.184663] ? trace_hardirqs_on+0xb4/0x310
[ 122.188981] kasan_end_report+0x47/0x4f
[ 122.192951] kasan_report.cold.8+0x76/0x309
[ 122.197283] ? tipc_group_cong+0x566/0x5d0
[ 122.201513] __asan_report_load8_noabort+0x14/0x20
[ 122.206434] tipc_group_cong+0x566/0x5d0
[ 122.210490] ? tipc_group_update_bc_members+0x1f0/0x1f0
[ 122.215852] ? remove_wait_queue+0x1a6/0x360
[ 122.220272] ? add_wait_queue+0x2b0/0x2b0
[ 122.224415] ? __local_bh_enable_ip+0x160/0x260
[ 122.229080] ? tipc_dest_find+0xea/0x130
[ 122.233148] tipc_send_group_anycast+0x9bb/0xc80
[ 122.238112] ? tipc_send_group_bcast+0xd90/0xd90
[ 122.242877] ? __lock_acquire+0x62f/0x4c20
[ 122.247117] ? __lock_acquire+0x62f/0x4c20
[ 122.251357] ? do_raw_spin_trylock+0x270/0x270
[ 122.255938] ? mark_held_locks+0x130/0x130
[ 122.260208] ? refill_pi_state_cache.part.8+0x310/0x310
[ 122.265586] ? __init_waitqueue_head+0x150/0x150
[ 122.270340] ? mark_held_locks+0x130/0x130
[ 122.274574] ? avc_has_perm+0x469/0x7e0
[ 122.278542] ? check_preemption_disabled+0x48/0x280
[ 122.283559] __tipc_sendmsg+0x12b1/0x1d40
[ 122.287703] ? rcu_softirq_qs+0x20/0x20
[ 122.291674] ? tipc_sendmcast+0xf50/0xf50
[ 122.295817] ? zap_class+0x640/0x640
[ 122.299526] ? print_usage_bug+0xc0/0xc0
[ 122.303581] ? __might_fault+0x12b/0x1e0
[ 122.307634] ? find_held_lock+0x36/0x1c0
[ 122.311691] ? mark_held_locks+0xc7/0x130
[ 122.315834] ? __local_bh_enable_ip+0x160/0x260
[ 122.320495] ? __local_bh_enable_ip+0x160/0x260
[ 122.325160] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 122.329738] ? trace_hardirqs_on+0xbd/0x310
[ 122.334052] ? lock_release+0xa00/0xa00
[ 122.338020] ? lock_sock_nested+0xe2/0x120
[ 122.342265] ? trace_hardirqs_off_caller+0x310/0x310
[ 122.347366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 122.352895] ? check_preemption_disabled+0x48/0x280
[ 122.357902] ? lock_sock_nested+0x9a/0x120
[ 122.362288] ? lock_sock_nested+0x9a/0x120
[ 122.366554] ? __local_bh_enable_ip+0x160/0x260
[ 122.371291] tipc_sendmsg+0x50/0x70
[ 122.374911] ? __tipc_sendmsg+0x1d40/0x1d40
[ 122.379228] sock_sendmsg+0xd5/0x120
[ 122.383020] ___sys_sendmsg+0x7fd/0x930
[ 122.387004] ? find_held_lock+0x36/0x1c0
[ 122.391060] ? copy_msghdr_from_user+0x580/0x580
[ 122.395810] ? __fd_install+0x2b5/0x8f0
[ 122.399792] ? __fget_light+0x2e9/0x430
[ 122.403770] ? fget_raw+0x20/0x20
[ 122.407226] ? lock_downgrade+0x900/0x900
[ 122.411388] ? lock_release+0xa00/0xa00
[ 122.415355] ? perf_trace_sched_process_exec+0x860/0x860
[ 122.420796] ? posix_ktime_get_ts+0x15/0x20
[ 122.425110] ? trace_hardirqs_off_caller+0x310/0x310
[ 122.430208] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 122.435760] ? sockfd_lookup_light+0xc5/0x160
[ 122.440283] __sys_sendmsg+0x11d/0x280
[ 122.444169] ? __ia32_sys_shutdown+0x80/0x80
[ 122.448571] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 122.454101] ? put_timespec64+0x10f/0x1b0
[ 122.458273] ? do_syscall_64+0x9a/0x820
[ 122.462269] ? do_syscall_64+0x9a/0x820
[ 122.466257] ? trace_hardirqs_off_caller+0x310/0x310
[ 122.471356] __x64_sys_sendmsg+0x78/0xb0
[ 122.475409] do_syscall_64+0x1b9/0x820
[ 122.479292] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 122.484647] ? syscall_return_slowpath+0x5e0/0x5e0
[ 122.489568] ? trace_hardirqs_on_caller+0x310/0x310
[ 122.494579] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 122.499591] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 122.506268] ? __switch_to_asm+0x40/0x70
[ 122.510326] ? __switch_to_asm+0x34/0x70
[ 122.514391] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 122.519258] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.524444] RIP: 0033:0x457679
[ 122.527642] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 122.546537] RSP: 002b:00007f813d748c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 122.554253] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457679
[ 122.561524] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000005
[ 122.568796] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 122.576057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f813d7496d4
[ 122.583332] R13: 00000000004c44dd R14: 00000000004d74c8 R15: 00000000ffffffff
[ 122.591616] Kernel Offset: disabled
[ 122.595265] Rebooting in 86400 seconds..